10150176Intermediate Networking
Course Information
Description
Students will install, configure, and secure access points and enable devices to associate to the WLAN. Students are introduced to computer network vulnerabilities and threats and learn to safeguard networks using current wireless technologies. Students will focus on the design, planning, implementation, operation, troubleshooting and securing of LANs and WLANs.
Total Credits
Course Competencies
  1. Describe WLAN fundamentals
    Assessment Strategies
    Describe basics of spread spectrum technology (modulation, DSS, OFDM, MIMO,Channels reuse and overlap, Rate-shifting, CSMA/CA)
    Describe the impact of various wireless technologies (Bluetooth, WiMAX, ZigBee,cordless phone)
    Describe wireless regulatory bodies, standards and certifications (FCC, ETSI, 802.11a/b/g/n, WiFi Alliance)
    Describe WLAN RF principles (antenna types, RF gain/loss, EIRP, refraction, reflection, ETC)
    Describe networking technologies used in wireless (SSID --> WLAN_ID --> Interface-- >VLAN, 802.1q trunking)
    Describe wireless topologies (IBSS, BSS, ESS, Point-to-Point, Point-to-Multipoint, basic Mesh, bridging)
    Describe 802.11 authentication and encryption methods (Open, Shared, 802.1X, EAP, TKIP, AES)
    Describe frame types (associated/unassociated, management, control, data)

  2. Install a basic Cisco wireless LAN
    Assessment Strategies
    Describe the basics of the Cisco Unified Wireless Network architecture (Split MAC, LWAPP, stand-alone AP versus controller-based AP, specific hardware examples)
    Describe the Cisco Mobility Express Wireless architecture (Smart Business Communication System -- SBCS, Cisco Config Agent -- CCA, 526WLC, 521AP - stand-alone and controller-based)
    Describe the modes of controller-based AP deployment (local, monitor, HREAP, sniffer, rogue detector, bridge)
    Describe controller-based AP discovery and association (OTAP, DHCP, DNS, Master-Controller, Primary-Secondary-Tertiary, n+1 redundancy)
    Describe roaming (Layer 2 and Layer 3, intra-controller and inter-controller, mobility groups)
    Configure a WLAN controller and access points WLC: ports, interfaces, WLANs, NTP, CLI and Web UI, CLI wizard, LAG AP: Channel, Power
    Configure the basics of a stand-alone access point (no lab) (Express setup, basic security)
    Describe frame types (associated/unassociated, management, control, data)

  3. Install Wireless Clients
    Assessment Strategies
    Describe client OS WLAN configuration (Windows, Apple, and Linux.)
    Install Cisco ADU
    Describe basic CSSC
    Describe CCX versions 1 through 5

  4. Implement basic WLAN Security
    Assessment Strategies
    Describe the general framework of wireless security and security components (authentication, encryption, MFP, IPS)
    Describe and configure authentication methods (Guest, PSK, 802.1X, WPA/WPA2 with EAP- TLS, EAP-FAST, PEAP, LEAP)
    Describe and configure encryption methods (WPA/WPA2 with TKIP, AES)
    Describe and configure the different sources of authentication (PSK, EAP-local or - external, Radius)

  5. Operate basic WCS
    Assessment Strategies
    Describe key features of WCS and Navigator (versions and licensing)
    Install/upgrade WCS and configure basic administration parameters (ports, O/S version, strong passwords, service vs. application)
    Configure controllers and APs (using the Configuration tab not templates)
    Configure and use maps in the WCS (add campus, building, floor, maps, position AP)
    Use the WCS monitor tab and alarm summary to verify the WLAN operations

  6. Conduct basic WLAN Maintenance and Troubleshooting
    Assessment Strategies
    Identify basic WLAN troubleshooting methods for controllers, access points, and clients methodologies
    Describe basic RF deployment considerations related to site survey design of data or VoWLAN applications, Common RF interference sources such as devices, building material, AP location Basic RF site survey design related to channel reuse, signal strength, cell overlap
    Describe the use of WLC show, debug and logging
    Describe the use of the WCS client troubleshooting tool
    Transfer WLC config and O/S using maintenance tools and commands
    Describe and differentiate WLC WLAN management access methods (console port, CLI, telnet, ssh, http, https, wired versus wireless management)

  7. Describe the security threats facing modern network infrastructures
    Assessment Strategies
    Describe and list mitigation methods for common network attacks
    Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
    Describe the Cisco Self Defending Network architecture

  8. Secure Cisco Routers
    Assessment Strategies
    Secure Cisco routers using the SDM Security Audit feature
    Use the One-Step Lockdown feature in SDM to secure a Cisco router
    Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
    Secure administrative access to Cisco routers by configuring multiple privilege levels
    Secure administrative access to Cisco routers by configuring role based CLI
    Secure the Cisco IOS image and configuration file

  9. Implement AAA on Cisco routers using local router database and external ACS
    Assessment Strategies
    Explain the functions and importance of AAA
    Describe the features of TACACS+ and RADIUS AAA protocols
    Configure AAA authentication
    Configure AAA authorization
    Configure AAA accounting

  10. Mitigate threats to Cisco routers and networks using ACLs
    Assessment Strategies
    Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
    Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
    Configure IP ACLs to prevent IP address spoofing using CLI
    Discuss the caveats to be considered when building ACLs

  11. Implement secure network management and reporting
    Assessment Strategies
    Describe the operational strengths and weaknesses of the different firewall technologies
    Explain stateful firewall operations and the function of the state table
    Implement Zone Based Firewall using SDM

  12. Mitigate common Layer 2 attacks
    Assessment Strategies
    Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features

  13. Implement the Cisco IOS firewall feature set
    Assessment Strategies
    Describe the operational strengths and weaknesses of the different firewall technologies
    Explain stateful firewall operations and the function of the state table
    Implement Zone Based Firewall using SDM

  14. Implement the Cisco IOS IPS feature set
    Assessment Strategies
    Define network based vs. host based intrusion detection and prevention
    Explain IPS technologies, attack responses, and monitoring options
    Enable and verify Cisco IOS IPS operations using SDM

  15. Implement site-to-site IPSec VPNs on Cisco Routers
    Assessment Strategies
    Explain the different methods used in cryptography
    Explain IKE protocol functionality and phases
    Describe the building blocks of IPSec and the security functions it provides
    Configure and verify an IPSec site-to-site VPN with pre-shared key authentication

This Outline is under development.